Return-Path: X-Original-To: apmail-subversion-users-archive@minotaur.apache.org Delivered-To: apmail-subversion-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 99A83105B5 for ; Thu, 13 Jun 2013 08:46:19 +0000 (UTC) Received: (qmail 3487 invoked by uid 500); 13 Jun 2013 08:46:18 -0000 Delivered-To: apmail-subversion-users-archive@subversion.apache.org Received: (qmail 3411 invoked by uid 500); 13 Jun 2013 08:46:17 -0000 Mailing-List: contact users-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@subversion.apache.org Received: (qmail 3378 invoked by uid 99); 13 Jun 2013 08:46:15 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Jun 2013 08:46:15 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of Terry.Dooher@naturalmotion.com designates 86.12.140.205 as permitted sender) Received: from [86.12.140.205] (HELO mail1.naturalmotion.com) (86.12.140.205) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Jun 2013 08:46:10 +0000 From: Terry Dooher To: "users@subversion.apache.org" Date: Thu, 13 Jun 2013 09:45:47 +0100 Subject: Authentication of sync user on write-through proxy. Thread-Topic: Authentication of sync user on write-through proxy. Thread-Index: Ac5oCypDIAyVD1EETYyZgP1ddfIjXg== Message-ID: <1CE1BECC0915A6448EAE5D7080EDA905052CC7FCB3@oxexc1> Accept-Language: en-US, en-GB Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US, en-GB Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org Hi all, I've set up a write-through proxy for one of our studios and I'm getting Ac= cess Denied errors when the post-commit hook executes, or when running the = sync command manually from the master.=20 I'm using apache 2.2/mod_dav_svn 1.7.7 on Debian 6.0. The apache config for= vhost "repo-slave.example.com" is as follows: # Primary configuration for local user access. Order allow,deny Allow from all DAV svn SVNPath "/var/svn-slave/repo" SVNMasterURI http://repo.example.com/proxy-master AuthType Basic AuthName "Test Repository (SLAVE)" AuthUserFile "/etc/apache2/auth/htpass" AuthzSVNAccessFile "/etc/apache2/auth/perms" Require valid-user # Sync access. DAV svn SVNPath "/var/svn-slave/repo" Order deny,allow # Allow connections from server VLAN only. Allow from 192.168.10.0/24 AuthType Basic AuthName "Test Repository (SLAVE)" AuthUserFile "/etc/apache2/auth/sync-htpass" Require user syncuser When executing the following from the master server=20 svnsync sync --non-interactive --no-auth-cache --sync-username syncuser \ --sync-password http://repo-slave.example.com/repo-proxy-sync file:= ///var/svn/repo I get:=20 svnsync: E175013: Unable to connect to a repository at URL 'http://repo-sl= ave.example.com/repo-proxy-sync' svnsync: E175013: Access to 'http://repo-slave.example.com/repo-proxy-sync= ' forbidden And this in the slave error log: [Thu Jun 13 01:02:01 2013] [error] [client 192.168.10.10] Access denied: 's= yncuser' OPTIONS :/repo-proxy-sync So it's 403ing; I think because it can't find 'syncuser' in /etc/apache2/au= th/htpass. The problem only occurs when I have the Primary configured at th= e URI root . If I set them up on separate adjacent paths, it wo= rks; but according to the apache docs, I _should_ be able to override setti= ngs in nested Locations. (cf: http://httpd.apache.org/docs/current/sections= .html#file-and-web)=20 Is there a way I can get around this? I could change the Location directive= s, but I'd prefer the slave URIs to mirror the master URIs (and changing th= ose would impact a lot of automated processes) Thanks, Terry.